Responsibilities
- Lead global ownership of Technology Risk and Resilience programs, including performance metrics and internal process governance.
- Oversee Information Technology (IT) Risk Management by monitoring technology, data, and security controls in alignment with ISO 27001 and business operations.
- Ensure enterprise-wide compliance with the Digital Operational Resilience Act (DORA) and UK PS21/3 regulations, including incident and crisis response protocols.
- Enforce inclusion of DORA-mandated terms, security requirements, and exit strategies in all vendor agreements.
- Perform continuous risk evaluations and due diligence on third-party providers handling critical or important functions.
- Provide independent governance of the Group Security function to maintain alignment with recognized cybersecurity frameworks.
- Evaluate and validate the effectiveness of security measures such as identity management, encryption, and vulnerability detection; review and report on security events.
- Manage Business Process Mapping across regions, including oversight and assessment of more than 200 operational workflows.
- Drive organization-wide initiatives to strengthen resilience against major disruptions, including cyber threats and system failures.
- Supervise annual digital resilience testing, including threat-led penetration tests and vulnerability assessments.
- Preside over key governance committees including Digital and Operational Resilience, IT Risk Management, and Third-Party Risk Oversight.
- Design and deliver risk reporting and performance indicators for senior leadership and Board review, covering technology, security, resilience, and third-party risks.
- Coordinate regulatory engagements, audits, and supervisory interactions related to Technology Risk and Resilience.
Work Arrangement
Hybrid — Madrid
Team
Second line of defense
Other
- Four days per week required in office, one day permitted for remote work.
- Proficiency in English is mandatory.